Small  Companies  Does \  Mware  Ha\e a  Real  I  uli 


Disaster 
Recovery 
on  Double 
Duty 


Virtualization 
and  replication 
technologies 
are  protecting 
against  disaster 
while  keeping 
business  services 
humming. 


Today.  97%  of  the  Fortune  Global  500  rely  on  VMwaref  the  global  leader  in  virtualization. 
We  helped  your  enterprise  become  cloud-ready.  Now  that  you’re  embracing  cloud  computing, 


Visit  vmware.com/whiteboard 


M  MOTOROLA 


TODAY,  ONLY  34%  OF  PEOPLE 
WORK  FROM  A  SINGLE  LOCATION. 


MOTOROLA  SUPERIOR  ANDROID  SOLUTIONS  MEAN  BUSINESS. 


BUSINESS 

READY 


'S-' 

l'\  \  l.W 
1 


LIFE.  POWERED. 


The  ideal  datab 
would  be  capabl 
real-time  analysi: 
really  big  data. 

Structured  and 
unstructured. 


CACHE 


-equest  a  free,  fully  functional,  i 


icpiring  trial  version  at  InterSystems 


HEADS  UP 


Micro 

Burst 


Dell  says  it  plans  to 
set  up  more  than 

20 

(lata  centers  in  Asia  to 
meet  growing  demand  for 
public  and  private  clouds. 


EUERGINGTECH 

Marvel  Offers 
Digital  Extras  for 
Comic  Book  Fans 

release  a  new  application  to  add 


superimposed  over  a  live  camera 
view  of  the  real  world  -  a  street,  tor 
instance.  There  are  various  ways  to 
do  this,  but  Marvel  will  use  technol- 


San  Jose  Gives  Free  Wi-Fi  Another  try 


offer  h^Kpeed  Wi-Fi  throughout  its 
downtown  area,  with  the  network 
payine  for  itself  by  tnakine  city 


CIO,  Vijay  Sammeta.  The  system  will  offer  im¬ 
proved  connectivity  for  municipal  employees 
and  satellite  fire  stations.  It  will  also  provide 
better  connections  for  wirdess  parkine 


ogy  from  Aurasma  that  relies  on 
Image  detection. 

The  AR  app  will  be  available  for 
Apple  iPhones  and  iPads  as  well 


ice  in  front  0 


Xeon 


LI  WORKS  BETTER  TOGETHER. 

o  °  ®  + 


+ 

QB3 

+ 


convergedintrastructure.com 


NEWS  ANALYSIS 


amazing  thing  happened  as  [I]  hit  the  doOT  of  the  West  Wing: 
My  BlackBerry  started  to  buzz  ”  meaning  the  email  was  back 
up,  he  said.  ‘*1  ^  to  tell  you,  it  was  the  best  feeling  I  ever  bad.” 
The  White  House  faced  three  or  four  more  outages  in  the 


White  House  CIO 
Endures  After 
Tough  Start 

Brook  Colangelo  had  been  on  the  job  just 
six  days  when  the  email  servers  went 
down  for  21  hours.  By  Pat  Thibodeau 


Internal  town  balls  drew  some  angry  users.  'They  had  Boppy 
drives  —  I  knew  >^^t  they  were  going  to  say,”  Colangelo  said. 

A  nine*hour  email  and  Internet  access  outage  in  February 
2011  forced  Colangelo  to  fax  updates  to  Obama  while  the 


with  redundant  email  servers. 

The  White  House  IT  ofBce  has  since  developed  a  Web-based 
portal  that  lets  staff  access  email  and  other  services  from  home 
"in  a  secure  and  records-managed  way,”  and  it  has  increased 
daily  data  center  coverage  from  eight  hours  to  24. 

The  office  has  also  rolled  out  support  for  personal  tablets 
and  smartphones,  increased  Internet  speeds,  rebuilt  the 
WhiteHouse.gov  website  and  cut  the  number  of  assets  that 
are  nearing  obsolescence  by  more  than  50%. 


'  f'  :'P  I  -  In  my  professional  career,  there  has  not 
been  a  worse  day  since  or  ever.” 


GRFAT  WFR  Hn<;TING 


THE  BEST  VALUE 


Superior  Website  Availability 
with  1&1  Dual  Hosting 

Your  website  is  simultaneously 
hosted  in  2  locations  in  our 
geo-redundant  data  centers! 


YOUR  PRIVACY  IS  IMPORTANT.  WE  AGREE. 

That's  why  at  1&1,  all  domains  come  with  FREE  Private  Domain  Registration  to  protect  your 
name,  address,  phone  number  and  e-mail  from  spammers  and  identity  thieves. 


1&1  BUSINESS 

PACKAGE 

■  UNLIMITED  Web  Space 

■  UNLIMITED  Traffic 

■  UNLIMITED  E-mail  Accounts 

■  UNLIMITED  MySQL  5 
Databases  (1  G6  each) 

■  UNUMITED24/7S«g)port 

■  FREE  DOMAIN  with 
Private  Domain  Registration 

$09^ 

per  month 

50%  OFF 


Get  started  today,  call  1  -877-461  -2631 


www.1and1.com 


The  price 


Microsoft  Moves  to 
Slow  Google  Apps 

Microsoft  hopes  a  quick  Office  365  price  cut  can 
help  it  blunt  the  strong  rise  of  Google’s  cloud 
application  suite,  analysts  say.  By  Juan  Carlos  Perez 


Microsoft  is  cutting  the  price  of  its  cloud-based 
service,  Office  365,  by  up  to  20%,  to  improve 
its  chances  of  success  in  the  enterprise  market 
and  to  stave  off  competition  from  Google  Apps, 
analysts  say. 

Microsoft  itself  says  the  cost  of  running  the  cloud  suite,  which 
typically  includes  hosted  versions  of  Exchange,  Office,  Share- 
Point  and  Lync,  has  fallen  and  thus  the  price  cut  announced 
earlier  this  month  is  simply  “passing  on"  savings  to  customers. 

Nonetheless,  Gartner  analj^  Matthew  Cain  says  it's  clear  that 
Microsoft  is  responding  to  Google’s  success  in  selling  its  cloud- 
based  services  to  businesses. 

“The  price  cuts  reffect  Microsoft’s  fear  of  Google,"  Cain  said. 
"Google  Apps  for  Business  has  increasing  momentum  in  the 
enterprise  sector,  and  Microsoft  is  dmng  everything  they  can  to 


Osterman’s  research  shows  that  when  cloud- 
based  email  services  are  priced  at  $20  per  seat  per 
month,  the  market  of  “likely  or  drfnite  adopters” 
is  equal  to  i6%  of  midsize  arid  large  companies.  At 
$r5,  the  share  of  likely  or  defitrite  adopters  jumps  to 
27%,  and  at  $10,  it  jumps  to  49%. 

“I  suspect  that  Microsoft  has  done  its  own 
ome  to  a  similar  conclusion  —  that  the  price  cuts 
:ant  enough  to  create  sufficient  demand  among  its 


research  and  come  to  a  similar  conclusion  —  that  the  price  cuts 
may  be  significant  enough  to  create  sufficient  demand  among  its 
potential  enterprise  customers,"  Osterman  wrote. 

The  decision  to  cut  Office  365  prices  came  just  a  couple  of 
weeks  after  Microsoft  disclosed  that  it  had  started  constructing 
a  new  $130  rrrillion  data  center  in  Dublin  that  will  be  used  to  run 
cloud  services  for  its  growing  European  customer  base.  A  spokes¬ 
woman  wouldn’t  say  when  the  new  fecility  will  open. 

Because  the  price  cut  came  early  in  Offixu  365’s  life,  it  could 
convince  wavering  customers  to  stick  with  Microsoft,  said  Rdiecca 
Wettemarm,  an  analyst  at  Nucleus  Research.  She  noted  that  it’s 
“better  for  Microsoft  to  capture  those  customers  at  a  lower  price 
point  than  have  Google  or  someone  else  compete  for  them."  ♦ 
Pertz  is  a  reporter^  the  IDG  News  Service.  MHaM  RicknSs 


)  todays  econoiTiy. 
line.OrtyAPC~by 


Only  APC  Smart-UPS  saves  money  and  energy 
without  sacrificing  availability 


Why  Smart-UPS  ii 

smarter  solution 


Now,  manage  both  your  UPS 
and  your  energy  proactively 


David  D. 
dark 


This  Internet  pioneer 
wants  to  help 
users  have  better 
experiences  online. 


What  do  YOU  do  in  your 
spare  time?  My  wife  would  say  that 
what  I  do  in  my  spare  time  is  work. 

I  love  my  work.  But  I  decompress; 

I  read,  I  Usteo  to  music. 

When  you're  not  working, 
do  you  use  the  Internet?  I  have 
a  presence  in  some  of  the  social . 
networking  sites,  but  I  confess  I  don't 
use  them  a  lot.  I  go  online  and  read 
things.  The  Web  is  a  fascinating  place. 

Do  you  have  times  when 
you’re  completely  unplugged? 
There  have  been  two  times  in  the 
past  two  years  when  I  was  completely 
off  the  Net.  It  was  when  my  wife  and 
I  went  to  the  Arctic,  but  I  still  had 
technology  with  me.  I  still  had  my 
computers,  because  I  was  taking 
digital  photographs. 


WHEN  the  American  Academy  ofArts  and  Sciences  decided  to  explore  the 
complex  issues  of  security  and  privacy  in  cyberspace  for  its  academic 
journal  Daedalus,  it  tapped  Internet  pioneer  David  D.  Clark  to  serve  as 
guest  editor.  Clark's  credentials  certainly  made  him  a  worthy  selection. 

He  has  been  involved  in  the  development  of  the  Internet  since  the  1970s  and  served  as  chief 
protocol  architect  and  chair  of  the  Internet  Activities  Board  from  ip8i  to  1989.  Today  he’s  a 
senior  research  scientist  at  MIT's  Computer  Science  and  Artificial  Intelligence  Laboratory. 
^  His  research  focuses  on  redefining  the  Internet’s  architectural  underpinnings.  Clark, 

'  tvho  in  September  received  the  Oxford  Internet  Institute  Lifetime  Achievement  Award  for 
his  work,  talks  here  about  the  Internet,  its  potential  and  problems,  and  its/iiture. 

Continued  on  page  16 
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THE  GRILL  I  DAVID  D.  CLARK 

Continued  from  page  14 

What  do  YOU  see  as 
the  binest  benefit  of 
the  Internet?  Hooking 
people  together, 
intermediated  by 
computing;  booking 
people  to  information, 
intermediated  by  a 
computer.  In  the  early 
days,  we  thought  we 
were  hooking  people  to 
computers.  I  remember 
in  the  days  of  Arpanet, 

the  people  doing 
the  funding  said  we 
shouldn't  be  doing 
something  like  email; 
we  should  really  be 
focused  on  booking 
people  to  high'power 
computing.  But  to  me, 
[the  benefit]  is  this 
intermediation  of  people 
getting  to  information 
and  to  each  other.  The 
computer  is  just  the 
platform  that  makes 
some  of  this  happen. 

What  do  you  sac  as  the 
most  trouMinf  aspects 
of  the  iRtemet  today? 

The  Internet  is  a  fairly  general  platform,  so  all  kinds 
of  things  can  happen  there,  including  good  things 
and  bad  things.  The  issue  we’re  dealing  with  today  is, 
how  do  we  police  and  control  the  bad  things  without 
impairing  the  good  thii^  This  is  a  problem  that  has 
a  technical  engineering  component  but  also  has  a  very 
social  component.  The  sort  of  fears  that  everyday  users 
have  of  something  bad  happenii^  to  them  —  combined 
with  a  sense  that  even  if  you’re  afraid  of  it,  there's  so 
much  that’s  importam  happening  on  the  Internet  that 
you  have  to  use  it  —  is  an  issue.  And  for  some  people, 
fear  is  a  reason  why  they  refuse  to  use  it.  We  have  to 
help  people  have  good  experiences  and  not  bad  ones. 

VM  ant*  abaM  a^daf  tiw  hrttriMt  hospitable 
place.’’ DO  you  tbb*  m  iolMMpitabte  ROW?  My 

answer  really  relates  to  the  previous  question.  On 
the  Internet,  it’s  really  hard  to  tell  if  you’ve  done  the 
equivalent  of  ending  up  in  a  bad  neighborhood.  It’s 
hard  to  tell  if  yc»  should  be  nervous  about  the  experi¬ 
ence  you’re  having.  At  the  superficial  level,  it’s  very 
welcoming  it’s  "Come  to  my  website,”  but  there’s 
always  a  little  bit  of  uncertainty  as  to  what’s  happen¬ 
ing,  and  it’s  really  that  that  makes  me  think  about 


UOn  the  Intemety 

it’s  really  hard  to 
tell  if  you’ve  done 
the  equivalent 
of  ending  up  in  a  bad 
neighborhood. 


it  being  an  inhospitable  place.  It  should  be  a  place 
where  you  feel  comfortable.  For  most  people,  it’s  a 
place  they  go  every  day,  but  I’m  not  sure  bow  many  of 
them  feel  comfortable  going  there. 


You  wrote  about  the  need  for  society  to  address 
barriers  to  using  the  Internet.  Who  should  lead  such 
efforts?  The  question  is  an  interesting  one,  because  it 
implies  that  we  need  chosen  leadership  to  accomplish 
this  task.  That’s  to  be  studied,  not  a  presumption.  If 
you  look  at  the  essence  of  what  makes  the  Internet 
what  it  is  today,  it’s  that  nobody’s  in  charge.  I  would 
re-ask  this  question  as:  “Do  we  need  leadetship  in  ' 
order  to  accomplish  this?"  I  think  nobody  needs  to 
be  in  charge,  we  just  all  need  to  understand  these 
are  pressing  questions.  All  that  said,  this  is  an  issue 
where  the  government  should  pay  attention. 


and  shape  the  future  of  the  Internet  is  it  possible 
to  reshape  the  Internet  at  this  point?  Let  me  qualify 
my  answer  by  being  careful  about  what  the  Internet 
means.  In  the  beginning  of  my  [Daedalus]  essay,  I 
pointed  out  that  to  a  technologist,  the  Internet  is  a  very 
small  part  of  the  experience.  It’s  that  layer  of  technol¬ 
ogy  that  carries  one  packet  from  one  area  to  another. 
When  we  talk  about  the  user  experience  and  how  it’s 
shaped  by  the  a{^lication,  the  Internet  changes  very 
fast.  Look  at  the  speed  at  which  Facebook  and  Twitter 
and  Google+  are  emerging.  Some  of  the  underlying 
technology  we’ve  been  trying  to  change  for  to  years, 
but  that  doesn’t  change  the  user  experietKe. 

Who  Should  step  up  to  do  this?  Let  me  answer  that 
with  a  pair  of  quotes.  A  famous  computer  scientist 
named  Alan  said,  “The  best  way  to  predict  the 
future  is  to  invent  it.”  My  variation  on  that  quote  is, 
“The  best  way  to  predict  the  future  is  to  invest  in  it.” 
If  you  look  at  the  early  history  of  the  Internet,  the 
investment  was  made  by  the  government.  Today  most 
of  the  investment  comes  from  the  private  sector.  So 
what  you  see  today  is  that  most  of  the  incentives  to 
step  up  and  irmovate  in  this  space  have  been  moti¬ 
vated  by  commercial  interests,  and  that’s  fine,  but 
who  else  might  have  a  motive  to  change  the  Internet? 


rc  that  Ibofe  who  itep  up  to  Shape 


The  question  has  a  presumption  of  what  is  beneficial. 
What’s  going  on  today  is  just  a  bunch  of  experiments. 
Facebook  was  an  experiment,  and  it  worked  Twitter 
was  an  experiment,  and  it  worked.  On  the  Internet, 
there  are  issues  of  fraud  and  privacy  and  there  will  be 
government  interventions,  but  by  and  large,  I  like  to 

mentation  [and  asking]:  Did  we  meet  a  need? 


-  Interview  by  Computerworld  contributing  writer 
Mary  K.  Pratt  (marykpran@verizon.net) 
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Get  started  today,  call  1  -877-461  -2631 


www.1andl.com 


Words  Are  First  Hurdle 
For  New  Tech  Managers 


New  managers 
lack  the  language 
to  understand 
the  value  of 
management 
itself. 


PaylGtenisthe 

CEO  of  Leading 
Geeks,  an  education 
and  consulting  firm 
devoted  to  unlocking 
the  value  of  technical 

contact  him  at  info9 
leadinggeeks.com. 


New  managers  struggle.  They  also  don’t  get  much  help  —  or 
sympathy.  My  last  column  elicited  a  lot  of  heartfelt  reader  emails 
about  the  difficulty  of,  and  lack  of  support  for,  the  transition  from 
technical  work  to  management.  My  conversations  with  those 


readers  also  revealed  that  whatever  support  they 
did  get  left  their  biggest  need  unmet.  Training 

—  but  the  new  managers  still  lacked  the  language 
to  truly  understand  the  value  of  management  itself. 

That’s  ri^.  What  they  needed  most  were  words. 

They  can  think  and  speak  clearly  about  techni¬ 
cal  wmk  and  bow  it  adds  value.  But  when  it  comes 
to  the  value  of  management,  they  have  only  vague 
words  and  platitudes  to  guide  them.  Without  the 
clarity  of  language,  new  managers: 

■  Can’t  know  what’s  important  in  their  jobs. 

■  Can’t  focus  on  value-adding  activities. 

■  Feel  incompetent. 

■  Fed  worthless  for  not  adding  value. 

■  Are  afraid  to  ask  for  help. 

■  Drni’t  even  know  how  to  ask  for  help,  since 
they  don’t  know  what  they  don’t  know. 

It’s  no  wonder  that  so  many  new  managers 
cling  to  their  technical  work  like  a  drowning  man 
to  a  life  preserver.  At  least  it  lets  them  know  when 
they  are  adding  value  and  being  competent. 

As  I’ve  coached  managers.  I’ve  iK)ticed  that  they 
need  to  progress  through  three  distinct  phases. 

Ptan  1:  Tht  laMfuaft  of  MglNMn.  New 
technical  managers  come  to  the  job  assuming  that 
a  manner  is  just  an  engineer  with  power.  They 
believe  that  managers  don’t  add  value;  they  just 
supervise  those  who  do.  They  retain  the  assump¬ 
tion  that  value  exclusively  comes  from  buildii^ 
and  fixing  thii^.  So,  they  talk  about  writing, 
developing,  designing,  building,  coding,  testing, 
d^loying,  fixing,  diagnosing  and  producing. 

PtaM  2:  TIm  languofo  of  autho^.  As  they 


begin  to  differentiate  their  former  role  from  the 
new  one,  they  focus  on  authority  —  on  status 
rather  than  value.  This  is  a  dangerous  time. 
Mana^rs  who  linger  (or  get  stuck)  in  this  phase 
get  branded  as  self-centered  and  power-hungry. 

In  it,  they  talk  primarily  about  leading,  directing, 
deciding,  planning,  approving,  monitoring,  re¬ 
warding  and  punishing.  As  soon  as  you  recognize 
this  phase,  start  talking  about  the  next  one. 

Successful  managers  recognize  that  authmity  itself 
does  not  add  value,  but  is  a  tool  that  offers  the  op¬ 
portunity.  The  value  managers  add  comes  from: 

■  Unleashing  the  productivity  of  others. 

■  Selecting  activities  with  good  paybacks. 

■  Avoiding  costly  mistakes. 

When  talking  about  unleashii^  others,  manag¬ 
ers  focus  on  faciliuting,  coaching,  selecting, 
mentoring,  inspiring,  org^izing  and  protecting. 
They  emphasize  how  they  help  others  rather  than 
bow  they  cmnmand  them. 

Selecting  valuable  activities  involves  aj^lying 
judgment,  building  consensus  and  marshaling 
resources.  Managers  think  about  analyzing,  in¬ 
vestigating,  influencing,  interviewing,  presenting, 
measuring,  negotiating,  coordinatii^,  delegating, 
setting  goab,  prioritizing  and  allocating  resources. 

Avoiding  costly  mistakes  is  about  recogniz¬ 
ing,  asking,  intervening,  redirecting,  preventing, 
finessing,  resolving  and  firefighting. 

To  help  a  new  manage  grow  into  her  job,  give 
her  the  tools  she  needs.  And  the  first  ones  are  not 
resources  and  direction.  The  first  are  words  to 
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The  entire  company  is  looking  at 


YOU 

to  protect  critical  data,  so  that's  why  you 

DESERVE 

a  dependable,  affordable  solution  that's 

LESS 

complex,  stressful,  and  time  consuming. 


SPOTLIGHT  I  STORAGE 


DISASTER 


Here’s  how  virtualization 
and  replication  technologies 

protect  data  from  disaster, 
while  keeping  business  services 
humming.  BY  ROBERT  l.scheier 


At  INGRAM  MICRO, 

executive  president 
and  CIO  Mario  Leone 
doesn’t  think  about  how 
much  he  will  spend  on 
disaster  recovery. 

That's  because  the 
global  electronics 
distributor  weaves 
its  disaster  recovery 

its  broader  business  ol^ectives  and  its  service-level 
agreements  (SLA)  with  its  15,000  users.  Since  2010, 
the  IT  shop  has  been  cutting  costs  and  meeting  its 
service  and  disaster  recovery  commitments  by  using 
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Smarter  technology  for  a  Smarter  Planet: 

Most  boats  are  moved  by  propellers. 

This  one  was  moved  by  intelligence. 

There  are  thousands  of  different  types  of  boats,  but  to  a  boat  dealer,  there  are  really  just  two:  boats  that  have  been 
sold  and  boats  that  haven’t.  MarineMaxf  the  world's  largest  boat  retailer,  is  using  Cognos*  business  analytics  software 
to  make  sure  its  boats  aren’t  languishing  in  showrooms,  hurting  its  bottom  line.  By  better  aligning  inventory  decisions 
with  customer  demand,  MarineMax  reduced  its  planning  cycle  from  3  months  to  3  weeks,  cut  costs  by  48%  and 
ultimately  moved  more  boats.  A  smarter  planet  is  built  on  smarter  software,  systems  and  services. 

Let’s  build  a  smarter  planet,  ibm.com/insights  ^  ^  _ _  _ 
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Snapshots  in  Time  | 

MPROVING  THE  PERFORMANCE  vf  Kpliation 
systems  and  rdxttd  tcdmolocies,  such  as  snapshot 
tools,  and  tailoring  them  to  shorten  virtualized 
disaster  recovery  times  is  a  key  focus  for  vendors. 

mJ  ,uaibUlti^  tii.ihagt'int’iii  j-roup. 
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as  tin*  anil  Mr(iuiit/ati« III  amijmncrns.  and  idi‘niil\  ml- 
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n  Actffio’s  protection  and  Avaiiability  Storage 

(PAS)  appliance  allows  users  to  execute  a  one-time  trans¬ 
fer  of  data  to  a  remote  site,  and  then  send  only  changes  to  the 
data,  with  the  changes  themselves  deduplicated,  says  Actlfio  CEO 

Ash  Ashutosh.  This  not  only  reduces  bandwidth  requirements:  it 

antnirits t«M»ls  nsftoulfntih  inalu.iic.  Tlii.‘d.ilaf).isi*  is  upiiati'ii 
hv  the  vendor's  rt*searcliers  and  its  users.  sj\  s  Cl  O  Gil  I  let  lit. 

OtJier  prtKhicis  with  those  lapabiiities  imlude  \  .VUsaie 

can  eliminate  the  need  for  backup  software,  he  says. 

The  distributed  object  file  system  within  PAS  contains  informa¬ 
tion  about  each  block  of  stored  data  that  makes  if  easier  to  find 

M  nptingand  aulomaium  m  ensure  that  VMs  are  hiou^ht  up 

Gaetan  Costelein,  VMware's  direetor  ol  pitKlnit  niarkentiii. 

Making  It  Pay 

such  as  test  and  development,  regulatory  compliance  or  legal 
searches,  he  says. 

■  FalconStor’s  COP  aims  to  speed  recovery  by  ensuring 
the  most  recent  snapshot  is  always  the  most  complete.  This 

Ohen.  tliettnh  wavloget  funding  lor  dis*isier  reiovi-rv  m  stems 
rs  to  denKmstrale  that  ihev  deliver  n)i>re  than  |usi  "insuranie,"  or 
that  lhe\  can  even  pa>  for  ihtinselves.  For  example.  Strand  u.si*s 

Fali'onStor  Stdiware's  Continuous  Data  Fnnec  ior  ai>pliana*  to  rep- 
lieate  about  50TB  of  data  and  25  virtual  servers^'twe«»  its  remote 
offices  and  headquarters.  This  is  not  only  easier  and  less  expi*nsi\e 
than  using  a  colocation  facility,  but  tire  higlier  Uuidwidih  required 

the  initial  backup  before  recovering  the  data.  And  it  can  save 
hours  when  recovering  tens  of  terabytes  of  data,  says  Fadi 

Albatal.  vice  president  of  marketing  and  product  management. 

■  Asigra’s  Cloud  Backup  eliminates  the  need  for  dedicated 
physical  recovery  hardware  by  automatically  backing  up  VMs 
to  virtualized  environments  and  scaling  up  the  VMs  in  the 
recovery  environment  so  they  can  meet  production  needs.  By 

for  the  refJication  also  makes  it  easier  for  emplmees  to  videiHron- 
ference  and  share  t.x>mpk’x  engineering  d<K-umenis. 

automatically  creating  new  servers  and  provisioning  storage, 
it  can  reduce  restore  times  from  hours  to  minutes,  says  Eran 

That  bandwidth  also  allows  Strand  to  "lake  siia()shiMs  eviTv 
hour  on  the  hour,  so  we  can  facilitate  a  file  restore  inabimt  ihrir 
to  five  minutes.”  sa\  s  Bell.  Given  the  expense  the  company  would 
incur  if  an  engiiK>er  had  to  repeat 
several  hours  of  vM>rk.  the  ability  to  take 
snapshots  helps  justih  tlicuwl  of  disaster 
j  recovery  even  withtml  a  disaster,  lie  says. 

Farajua  an  executive  vice  president  at  Asigra. 

■  Egcncra’s  PAN  (Processing  Area  Network)  Hanafor 

software  virtualizes  connections  between  physical  or  virtual 
hosts  to  a  customer's  network  or  storage  resources,  thereby 
speeding  restoration  by  making  it  easier  to  create  not  just  VMs. 

Out  also  the  network  and  storage  connections  needed  to  make 

V  Thorntons  Inc.,  a  Lmiisv  die.  Ky.-based 

•  convenience  store  operator,  recoups 

much,  if  not  all.  of  the  cost  (rf  disaster 
t  recovery- b>’ using  DataCore  Software's 

^  ^  SANsymphony  storage  virttuiizationsofi- 

►  ware  OnXlOtech  SANs  it  (jurt  based  to 

suf^xjTt  its  newest  servers,  while  inm  ing 
its  older  Dell  Compiment  SANs  and  oldiT 
servers  to  nearb>  space  it  alreadyleased 

them  work,  says  John  Humphreys,  vice  president  of  marketing. 

PAN  can  also  automatically  detect  failures  in  production 
servers  and  move  them  to  the  recovery  environment,  with  the 
new  server  looking  'just  like  it  did  before,  with  the  same  MAC 
address  and  same  resources.'  says  Scott  Geng.  senior  vice 
president  of  engineering. 

■  DlN^  CPBipRlhNt  Uw  VOlMNie  enables  a  physical  server 
or  VMS  to  share  a  virtual  storage  volume  among  Dell's  Compellent 
storage  Center  SANs  in  a  semi-synchronous  configuration  that 

engineer  Kevin  Schmidt  say.s  that  gives 
the  company  disaster  recovery  for  its 
full  application  environment,  not  just  its  data,  and  it  has  improved 
performance  and  cut  the  tinte  required  to  produce  a  profit  and  k>ss 

enables  always-available  failover  volumes  or  LUNs.  and  makes  it 
possible  to  move  data  closer  to  users  for  performance  reasons, 
says  Brett  Roscoe.  general  manager  and  executive  director  of 
data  management  at  Dell. 

Jason  Buffington,  an  analyst  at  Enterprise  Strategy  Group,  says 

Another  benefit  is  that  virtualization  allows  the  company  to 
use  the  Dell  Compellent  storage,  for  which  it  paid  $350,000  in 

2007.  as  a  recovery  platform  for  its  newer  XIOlech  storage. 

Copiiiriuid  i*u  page  26 

applications  like  Microsoft  Exchange.  Microsott  SQL  Server  and 
some  network-attached  storage  plattorms  offer  capabilities  such 
as  replication  and  failover  at  little  or  no  extra  cost 

-  ROBERT  L.  SCHEIER 
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Snapshots  in  Time 


recovery  of  VMs  with  the  ability  to  account  for  dependencies 
among  VMs.  The  enhancements,  found  in  products  for  busi¬ 
nesses  of  all  sizes,  also  make  it  easier  to  use  multiple  public  oi 
private  cloud  backup  services,  and  to  convert  a  physical  serve 
a  production  site  to  a  virtual  server  at  a  recovery  site,  says  Da 
Lamorena,  director  of  product  marketing  for  Symantec’s  stor, 
and  availabiUty  management  group. 

Continuity  ^ftware's  RecoverGuatd  software  is  designed  t 
automatically  check  all  critical  infrastructure  components,  su 
as  the  file  system  and  virtualization  components,  and  identify 
nerabilities  that  could  cause  downtime  and  data  loss.  It  looks  I 
vulnerabilities  using  a  database  of  “signatutes''  similar  to  the  c 
antivirus  tools  use  to  identify  malware.  The  database  is  update 
by  the  vendor's  researchers  and  its  users,  says  CEO  Gil  Hecht. 

Other  products  with  those  capabilities  include  VMware 
vCenter  Site  Recovery  Manager,  which  also  supports  custom 
scripting  and  automation  to  ensure  that  VMs  are  brought  up 
and  reconnected  in  the  proper  order  across  multiple  sites,  say 
Gaetan  Castelein,  VMware’s  director  of  product  marketing. 


support  its  newest  servers,  while  moving 
its  older  Dell  Compellent  SANs  and  older 
servers  to  nearby  space  it  already  leased 
as  a  disaster  recovery  site.  Senior  network 
engineer  Kevin  Schmidt  says  that  gives 


perfocmanoe  and  cut  the  time  requited  to  produce  a  profit  and  I 
statement  firam  to  or  12  hours  to  less  than  fire  hours. 

Another  benefit  is  that  virtualization  allows  the  company  t 
use  the  Dell  Compellent  storage,  for  which  it  paid  $350,000  i 
2007,  as  a  recovery  platform  for  its  newer  XlOtech  storage. 


Making  It  Pay 

often,  the  only  way  to  get  funding  for  disaster  recovery  systems 
is  to  demonstrate  that  they  deliver  more  than  just  “insurance,”  or 
that  they  can  even  pay  for  themselves.  For  example.  Strand  uses 
FalconStor  Software's  Continuous  Data  Protector  appliance  to  rep¬ 
licate  about  50TB  of  data  and  25  virtual  servers  between  its  remote 
offices  and  headquarters.  This  is  not  only  easier  and  less  expensive 
than  using  a  colocation  focility,  but  the  higher  bandwidth  required 
tor  the  replicatipn  also  makes  it  easier  (or  employees  to  videocon¬ 
ference  and  sh^  complex  engineering  documents. 

Vnutbaadwi^  also  allows  Strand  to  “take  snapshots  every 
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THE  EXPERIENCE,  STRATEGIC  ALLIANCES  AND  NETWORK  TO  MAKE  THE  DIFFERENCE. 
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New  Approaches 
To  Data  Recovery 


SOME  IT  SHOPS  are  expanding  di¬ 
saster  recoverv  to  include  not  only 
servers,  but  also  user  devices. 

'  n,- , ;  e  using  portions  of  backup  sites 
ro  store  images  of  virtual  desktops, 
laptops  or  even  tablets  so  users  can 
have  access  to  their  data  and  applica¬ 
tions  while  they  await  replacement  devices,  says  Eran 
Farajun.  executive  vice  president  at  Asigra.  which  is  also 
giving  customers  the  ability  to  back  up  and  restore  data 
from  consumer  devices  such  as  smartphones  and  tablets. 

Jason  Buffington,  an  analyst  at  Enterprise  Strategy 
Group,  says  many  companies  now  require  branch  offices 
to  adopt  the  same  protection  standards  as  headquarters. 
He  says  products  designed  to  help  with  such  efforts 
include  Riverbed  Technology's  Steelhead  EX+  Granite  ap¬ 
pliances.  which  optimize  the  performance  of  wide  area 
networks  to  speed  backup  and  replication  from  branch 
offices  to  central  data  centers. 

And  many  organizations  are  reducing  or  ending  then  use 
of  tape  for  disaster  recovery,  although  some  still  use  it  for 
long  term  archiving. 

"For  us.  tape  is  dead."  says  Kurtis  Berger.  iT  manager  at 
Provider  Advantage  NW.  "it  was  the  second  tape  drive  that 
failed  that  finally  pushed  us  toward  a  hard-dr.ve-only  solu¬ 
tion.  Hard  drives  are  faster,  and  so  cheap,  we  just  couldn't 
find  any  reason  to  entertain  the  idea  of  tape  anymore." 

"Tape  has  been  a  love-hate  relationship  -  mostly  hate." 
says  Jason  Axne,  systems  administrator  at  conveyer  belt 
manufacturer  Wire  Belt  Company  of  America.  He  cites 
tape's  unreliability,  the  lengthy  recovery  periods  for  even 
single  files  or  email  mboxes,  and  the  time  required  to  man¬ 
age  backups.  Using  Actiho  PAS  and  disk-based  storage,  he 
says.  "I  don’t  spend  any  time  during  the  day  managing  our 
backups .  .  because  it  lUSt  works." 
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CkMid  Disaster  Recovery?  Not  So  Fast 

Some  providers  say  cloud-based  disaster  recovery  will  bring  the 
benefit  of  true  disaster  recovery,  rather  than  just  backup,  to  small 
and  midsize  businesses  that  until  notw  couldn't  afford  it. 

Pat  O’Day,  co-founder  and  CTO  of  Bliielock,  a  provider  of 
public  doud  virtual  data  centers,  says  customers  are  increasingly 
satisfied  with  cloud  security.  Many  security  experts  say  even 
public  cloud  environments  in  which  multiple  customers  share 
hardware  can  be  made  secure  with  the  proper  processes. 

But  a  fall  zoti  Forrester  Research  survey  showed  that  only  i:% 
of  large  enterprises  and  9%  of  small  to  midsize  businesses  bad 
adopted  recovery  as  a  service,  with  35%  of  large  enterprises  and 
41%  of  SMBs  saying  they  were  interested  in  it  but  had  no  plans. 

Berger  says  cloud  providers  only  promise  "not  to  gp  into  your 
servers”  when  he  rpiestions  them  about  security.  “To  me,  that’s 
not  enough,"  he  says,  adding  that  the  disaster  recovery  prices  he’s 
hearing  —  $500  per  month  per  server 
—  are  “mote  than  I  can  justify.”  He 
instead  uses  Actonis  Backup  &  Recovery 
to  back  up  approximately  60  VMs  at 
two  data  centers.  The  facilities  ate  only 
a  half-hour  apart,  so  this  setup  would 

not  nreet  some  definitions  of  a  disaster 

recovery  system,  but  he  says  it  covets 
most  of  his  needs  because  the  applica¬ 
tions  aren’t  mission-critical. 

Hecht  downplays  resistance  to  cloud- 
based  disaster  recovery,  saying  the  small¬ 
est  companies  typically  bcKt  their  entire 
infrastructures  in  the  cloud,  and  thus  get 
some  level  of  disaster  recovery  simply  by 
keeping  applications  and  data  off-ske. 

Smaller  compaiiies  that  do  choose  the  cloud  typically  don’t  do 
it  for  the  savings,  he  says,  hut  because  “it’s  just  so  much  simpler 
to  have  a  system  you  set  up  and  forget.” 

While  midsize  otganizatioru  have  some  incemive  to  consider  di¬ 
saster  recovery  in  the  cloud,  few  of  them  use  the  cloud  for  mission- 
critical  systems  that  require  true  disaster  recovery  —  and  what  they 
gel  in  the  doud  is  closer  to  dedicated  hostir^  (with  the  customer’s 
daU  and  systems  nmning  on  separate  hardware)  rather  than  a 
mukitenant,  elastic,  pay-asyou^  public  cloud,  Hecht  says. 

Most  large  organizatirms  are  big  enough  to  provide  disaster 
recovery  themselves,  he  says,  and  even  if  they  weren’t,  “there’s  no 
good  solutioo”  for  protecting  sensitive  applications  in  the  cloud. 

Cloud  disaster  recovery  is  also  not  suited  for  applications 
that  rely  on  older  platfiirms  that  most  cloud  providers  don’t 
offer,  or  large  databases  that  don’t  perfirrm  well  in  the  cloud, 
says  Morency.  Users  also  need  to  watch  fiir  the  hidden  costs  of 
software  licenses  some  cloud  vendors  charge  foir  software  sitting 
unused  on  remote  VMs  or  disaster  recovery  systems,  he  says. 

Both  Gartner  and  Forrester  also  warn  that  most  doud  disaster 
recovery  provideis  will  refund  only  a  portion  of  a  customer’s  fee 
if  disaster  recovery  falls  short  —  nowhere  near  enough  to  make 
up  for  the  potential  revenue  loss  that  such  an  event  could  cause. 

The  cost  of  the  bandwidth  required  to  quickly  recover  an  or- 
ganizatioo’s  VMs  and  data  from  the  doud  is  often  an  unwelcome 
surprise,  says  Alan  Arnold,  executive  vice  president  and  CTO  at 


Vision  Solution  Management,  which  provides  high-availabilit 
and  disaster  recovery  software  and  services.  Some  customers 
providers  opt  to  physically  ship  portable  hard  drives  via  overn 
courier,  says  Arnold,  recalling  that  one  user  joked  that  “FedE 
still  the  la^st-bandwidth  network  out  there." 

With  IT  so  cemral  to  the  business  and  budgets  so  tight,  it’s  et 
sential  to  get  input  from  tq>  business  managers  to  asseu  which 
plications  deserve  the  highest  levels  of  protection.  Ingram  Mic 
for  example,  conducted  a  business  impact  analysis  that  put  vari 
applications  in  different  tiers,  with  voice,  email,  ERP  and  order 
among  the  top  priorities.  The  company  thought  of  it  “just  like  a 
insurance  policy,”  says  Mazor.  “It  helped  us  think  of  how  much 
insurance  we’re  going  to  buy.”  ♦ 

Schcier  is  a  vetemn  technology  writer.  You  con  contact  him  at 
hoh@scheierassociates.com. 
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For  insUnce,  encryption  keys  kept  in  a  predictable 
place  are  like  bouse  k^  left  under  a  welcome  mat: 
They're  easy  prey  for  intruders. 

In  December,  hacking  group  Anonymous  broke 
into  SpecialFbrcescom,  a  provider  of  law  enftxcement 
equipment,  and  stole  thousands  of  customers’ data 
arid  credit  card  numbers.  The  data  was  encrypted, 
so  the  crisis  appeared  to  have  been  averted.  But  the 
hackers  didn’t  stop  there.  They  broke  into  the  compa- 


event,”  unless  the  data  is  encrypted. 

Applied  Materials  faces  strict  customer  and  legal 
requirements  to  protect  information.  The  company, 
which  operates  in  25  countries,  began  roiling  out 
full-disk  and  message  encryption  in  late  2oro  as  part 
of  a  tech  refresh  of  its  t3,ooo  laptops.  Today,  78%  of 
laptops  are  encrypted,  with  otrly  a  few  holdouts. 

-nie  change  has  been  positive  all  over  the  worU,” 
says  Matthew  Archibald,  who  serves  as  both  chief 
irtformation  security  officer  and  chief  privacy  officer 
at  the  Santa  Clara,  Calif.-based  comparty.  “On  the 
engineering  side,  they  believe  anything  slows  [the 
system]  down,  so  you  have  to  show  them  that  it 
doesn’t  impact  them  in  arty  way." 

At  Intel,  85%  of  laptops  have  full-disk  encryptiott, 
but  CISO  Malcobn  Harkins  is  already  assessing  the 
next  big  thing  —  self-encrypting  hard  drives,  which 
will  address  encryption  gaps  when  laptops  ace  in 
starrdby,  sleep  or  hiberoate  inodes. 

“As  you’re  moving  to  products  that  are  always  on/ 
instant  on,  if  you’ve  got  a  nine-hour  battery  life  and 
it’s  always  on  standby,  the  data  is  not  encrypted,” 
Harkins  says.  “1  also  want  to  improve  the  user  expe¬ 
rience,”  he  adds,  referring  to  the  fact  that  encryption 
typically  requires  users  to  enter  passcodes  and  wait 
for  systems  to  reboot.  “If  I  can  (to  that,  as  well  as 
potentially  tower  my  cost  of  control,  self-errcrypting 
drives  mi^t  be  the  answer.” 
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Kindervag  says,  and  credit 
card  payment  processors 
are  capable  ol  expand¬ 
ing  tb^  key  manage¬ 
ment  technologies  into 
intellectiial  property  and 


own  built-in  key  manag¬ 
ers  that  also  create  backups,  "so  at  least  you  have 
some  consistency,"  Ouellet  says.  “The  key  manager 
that  comes  with  those  solutions  is  probably  good 
enough."  But  centralized  key  management  might  be 
the  answer  for  companies  that  find  themselves  using 
a  growing  number  of  encryption  tools  and  keys. 

A  quarter  of  companies  surveyed  by  Forrester 
have  adopted  centralized  key  management  in 
some  form,  be  adds,  but  that  number  will  grow  as 
interoperability  standards  take  hold. 

Open  standards  organization  Oasis  has  developed 
a  key  management  interoperability  protocol  (KMIP) 
as  a  standard  within  cryjnographic  systems.  “This 
standard  has  been  growing  and  is  replacing  (dder 

standards,”  Ouellet  explains.  “The  only  catch  is  that 
while  most  organizations  that  provide  cryptography 
want  to  suiq»rt  KMIP,  they’ll  do  it  as  a  means  to 
manage  others' keys.  They’re  not  allowing  others 
to  manage  their  keys.  It’s  kind  of  a  chicken  and  egg 
thing,”  which  will  hold  back  adrqrtion  “unless  the 
vendors  start  opening  themselves  up,”  he  says. 

Do’S  and  Don’ts 

Analysts  say  to  leave  key  management  to  the  ptofes- 
sionails.  Kiiidervag  advi^  IT  shops  to  deploy  an 
enterprise-quality  key  mans^ment  program  that 
understands  key  management  in  their  companies. 
“Don’t  try  to  build  your  own,”  he  cautions.  “Don’t 
email  ke^  back  and  fmth,  and  don’t  leverage  things 
like  Active  Directory  to  store  keys.” 

Do  keep  the  key  management  function  in  a 
segment  of  your  network  that  is  completely  separate 
from  the  encrypted  data,  and  protect  it  with  features 
such  as  Layer  7  firewalls,  IPS  devices  and  strong 
access  control,  he  adds.  Only  a  few  people  who 
ate  designated  to  manage  keys  should  have  access 
to  that  segment  of  the  network,  and  they  should 
constantly  monitor  what  is  happening  on  the  key 


atrd  managing  keys, 
Ouellet  says.  Cloud  providers  can  create  private 
virtualized  environments  for  small  businesses  and 
manage  the  technology  side. 

The  trick  to  successful  deployments  of  encryp¬ 
tion,  key  management  and  digital  rights  is  to  make 
things  easy  for  users. 

“Spend  quality  time  with  self-installing  pack¬ 
ages,”  says  Applied  Materials’  Archibald.  “We  have 
automated  distribution  of  the  software,  and  it’s  just 
a  matter  of  having  it  enabled  for  the  user.  There  are 
only  two  or  three  things  an  individual  needs  to  do 
—  set  their  pass  phrase,  sync  that  to  their  Windows 
login  and  rdroot  their  machine.”  • 


Key  Management 

while  encrypting  data  is 
inijxjrtant,  tlie  keys  that 
contn)!  tlieencryptKMi 
.itid  tkvryption  prtK'esses 
are  even  more  important 
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ableinthedoiKl  witti 
service  providers  \\’lw 
specialize  iti  enterprise 
key  management.  “Tra¬ 
ditional  PKI  vendors  are 
niovii^  in  that  direction.** 
Kindervag  says,  and  credit 
card  payment  processors 
are  capable  of  expand¬ 
ing  their  key  manage¬ 
ment  technologies  into 
intellectual  propeny  and 
custodial  data  areas. 

Cloud  key  manage- 


ers  iliat  also  create  backups,  “so  at  least  you  have 
some  consistency."  Ouellet  says.  “Tlie  key  manager 
that  comes  with  those  solutions  is  probably  good 
enough."  But  centralized  key  management  might  be 
the  answer  for  companies  that  find  themselves  using 
a  grow  ing  number  of  encryption  tools  and  keys. 

A  quarter  of  companies  survey^  by  Forrester 
have  adopted  centralized  key  management  in 
some  form,  he  adds,  but  that  number  will  grow  as 
interoperability  standards  take  hold. 

Open  standards  organization  Oasis  has  developed 
a  key  management  interoperability  protocol  (KMIP) 
as  a  standard  within  cryptographic  systems.  “This 
standard  has  been  growing  and  is  replacing  older 
standards,”  Ouellet  explains.  “The  only  catch  is  that 
while  most  organizations  that  provide  cryptography- 
want  to  support  KMIP.  they’ll  do  it  as  a  means  to 
manage  others’  keys.  They’re  not  allowing  others 
to  manage  their  keys.  It’s  kind  of  a  chicken  and  egg 
thir^,”  which  will  hold  back  adoption  "uiiless  the 
vendors  start  opening  themselves  up,"  he  says. 


mentis  also  a  big 
right  now"  for  smaller 
organizations  that  don't 
feel  comfortable  owning 
and  managing  keys. 
Ouellet  says.  Cloud  providers  can  create  private 
virtualized  environments  for  small  businesses  and 
manage  the  technology  side. 

The  trick  to  siKcessfui  deployments  of  encry  p* 
tion.  key  management  and  digital  rights  is  to  make 
things  easy  for  users. 

“Spend  quality  time  with  self-installing  pack¬ 
ages,”  says  Applied  Materials’  Archibald.  "We  have 
automated  distribution  of  the  software,  and  it’s  just 
a  matter  of  having  it  enabled  for  the  user.  There  are 
only  two  or  three  things  an  individual  needs  to  do 
—  set  their  pass  phrase,  sync  that  to  their  Windows 
login  and  reboot  their  machine.”  ♦ 

Collett  is  a  Computerworld  contribufitig  uritpr. 

You  can  cunracr  her  ar  stcoilert^aol.rurn. 


Proceed  with  Caution 
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Do’s  and  Don’ts 

Analysts  say  to  leave  key  management  to  the  profes¬ 
sionals.  Kindervag  advises  IT  shops  to  deploy  an 
enterprise-quality  key  management  program  that 
understands  key  management  in  their  companies. 
“Don't  try  to  build  your  own,"  he  cautions.  “Don’t 
email  keys  back  and  forth,  and  don’t  leverage  things 
like  Active  Directory  to  store  keys." 

Do  keep  the  key  management  function  in  a 
segment  of  your  network  that  is  completely  separate 
from  the  encrypted  data,  and  protect  it  with  features 
such  as  Layer  7  firewalls,  IPS  devices  and  strong 
access  control,  he  adds.  Only  a  few  people  who 
are  designated  to  manage  keys  should  have  access 
to  that  segment  of  the  network,  and  they  should 
constantly  monitor  what  is  happening  on  the  key 
management  servers,  such  as  who  is  seeking  access. 

In  the  near  future,  key  management  will  be  avail- 


oiphaied  documems  that  no  one  can  open.  One  Gartner  dleni  had  to 
upgrade  twkx  over  the  past  eight  years,  he  adds. 


-tf  documents  aie  only  going  to  live  tor  12  to  18  months,  that's  a  risk 
viindow  that  you  can  manage.' he  says. -But  If  the  documents  need 
to  live  for  four  to  live  yeais  or  more,  then  you  have  tt  start  building 
a!tematesystenis,-siichasooeslbrl<eeplngcopie5inplainteathaiaie 
accessible  to  only  one  or  tvm  people  in  the  organization. 

-  STACY  COLLETT 
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rm  IT  director,  chief  technology  officer, 
truck  driver,  nvindow  washer  and,  at  the 
end  of  the  hands-on  technologist 

snvni  Mima,  cia  touchstone  behavioral  health 


’m  doing  here  ” 


Conrinued  from  page  32 
cover  big-enterprise-style  initiatives  lik 
and  VLANs,  vtdiile  at  the  same  time  pc< 
on  support  to  more  than  200  users  seal 
state  of  Arizona. 

“Some  days  I  wonder  what  the  hell  I 
jokes  Porter,  60,  who  has  worked  at  Touchstone,  a 
provider  of  behavioral  services  to  at-risk  children  in  the 
state’s  Medicare  program,  for  more  than  five  years. 

Following  a  successful  run  as  a  television  producer 
of  live  auto  racing  events  and  motorsports  news  pn>- 
gramming,  Porter  leveraged  his  burgeoning  interest  in 
the  Internet  to  land  a  job  with  an  e-commerce  devel¬ 
oper  in  1995.  After  he  served  a  couple  of  subsequent 
dot-com  stints.  Touchstone  Behavioral  sought  him  out 
for  the  IT  director's  spot. 

Porter  sees  the  role  as  a  challenge.  'Tm  being  asked 
to  do  the  same  things  as  my  enterprise  counterparts . . . 
but  the  head  count  of  our  entire  IT  organization  is 
smaller  than  one  of  their  development  teams,"  he  says. 

Even  with  budget  sbort&lls  and  resource  con- 


a  difference  make  him  a  good  fit  for  a  smaller  organiza¬ 
tion.  That  was  certainly  what  prompted  him  to  take 
the  IT  director  spot  at  Touchstone  ^havioral  —  and 
stick  around  long  enough  to  grow  it  into  a  full  CIO  role. 

“The  company’s  mission  a{^)ealed  to  the  old  hippie  in 
me,”  Porter  says.  “With  technology,  we  deliver  tools  that 
help  with  some  of  the  business  processes  and  documen¬ 
tation.  If  that  gives  [therapists]  airother  15  minutes  a  day 
to  work  with  the  kids,  then  we’ve  achieved  something." 

With  less  bureaucracy  and  smaller  leadership  teanrs. 
Potter  says,  his  group  is  more  nimble,  implementing 


virtualization  and  voice  over  IP  in  months  rather  than 
in  the  years  it  takes  larger  organizations  to  close  the 
books  on  similar  projects. 

“Governance  becomes  a  matter  of  two  or  three  busi¬ 
ness  units  getting  together,  sometitrtes  literally  in  the 
hallway  or  over  a  cup  of  oo&e,  and  making  the  decision 
to  go  in  a  certain  direction  or  to  have  this  particular  proj¬ 
ect’s  needs  supersede  anything  else  going  on,”  he  says. 

Potter  and  other  tech  execs  at  small  organizations 
mi^t  find  such  agility  appealing  and  the  challenges 
enjoyable,  but  is  a  stint  in  a  small  organization  good  for 
an  IT  professionars  career  trajectory? 

Some  industry  watchers  say  small-pondets  are  in 
a  position  to  crUtivate  skills  that  set  them  apart  from 
their  peers.  “When  you’re  a  leader  in  a  small  depart¬ 
ment,, you  gain  experience  you’ll  never  get  in  a  large 
organization,"  says  John  Reed,  executive  director  of 
Robert  Half  Technology,  an  IT  staffing  firm. 

Continued  on  page  y6 
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Continued  from  page  34 

"Because  th^  have  an  all-hands-on-deck  mentality 
and  there  ate  often  no  defined  career  descriptions, 
[small-company  tech  execs]  learn  a  lot  of  additional 
skills  and  how  to  do  more  with  less.  It  lets  them  build 
out  their  r^me  in  a  robust  way  and  makes  them  mote 
marketable  to  their  next  employer,"  Reed  asserts. 

IT  staffers  in  larger  organizations  might  only  be  able 
to  gain  cursory  management  experience  by  a  given 
point  in  their  careers,  for  example,  or  might  only  focus 
on  one  specific  technology  area,  like  virtualization. 

In  comparison,  tech  professionals  working  their  way 
up  the  ladder  in  a  smaller  firm  with  fewer  specialists 
often  do  hands-on  problem-solving  across  numerous 
technologies.  They  also  have  the  potential  for  deeper 
management  experience  —  working  with  budgets  and 
interfacing  with  other  business  functions,  for  example. 

The  downside  is  that  lingering  too  long  on  the  small- 
shop  path  puts  a  tech  exec  at  risk  of  being  pigeon¬ 
hole  as  someone  who  “won’t  translate  well  to  a  large 
organization,"  Reed  cautions.  “If  you  start  exceeding 
the  five-year  mark,  you  need  to  stop  and  think  from  a 
career  perspective,  ‘Am  I  happy  staying  in  this  type  of 
setting  from  now  on?’  ’’ 


as  further  examples  of  his  ability  to  enact  technology 
change  much  faster  in  Lynnwood  than  he  could  in  the 
larger  Fresno  IT  infrastructure. 

When  Haugan  first  came  to  Lynnwood  five  years  ago, 
the  city’s  zs-year  old  PBX  phone  system  was  failing  on  a 
daily  basis.  In  a  matter  of  months,  he  made  a  successful 
case  to  implement  VoIP,  including  a  network  overhaul 
that  encompassed  the  integration  of  voice  and  email. 

Back  in  Fresno,  a  similarly  aging  phone  system 
never  ended  up  being  replaced,  just  perennially  fixed, 
because  management  considered  it  too  disruptive  to 
replace  a  system  that  served  60  sites  and  more  than 
5,000  employees,  he  recalls. 

“[In  Lynnwood],  I  didn’t  have  all  these  hurdles  to 
jump,"  Haugan  explains.  “I  didn’t  have  to  go  to  each 
director  and  say,  ‘I  want  to  put  VoIP  in  and  here’s  why.’ 

I  could  go  straight  to  the  mayor  and  make  it  happen. 
There  was  much  less  ted  tape,  and  I  was  in  a  position 
to  make  the  decision  and  work  within  the  municipal 
code  in  the  most  effective  way-possible." 

While  Haugan  is  generally  happy  with  the  flexibil¬ 
ity  of  leading  a  smaller  IT  organization,  he  admits  to 
concern  over  the  inevitable  salary  hit.  (Computerworld’s 
zoii  Salary  Survey  shows  that  CIOs  and  VPs  of  IT  at 


If  you  start  exceeding  the  five-year  mark, 
you  need  to  think  from  a  career  perspective,  *Am  I 
happy  staying  in  this  type  of  setting  from  now  on?* 

JOHN  REED,  EXECUTIVE  DIRECTOR.  ROBERT  HALF  TECHNOLOGV 


With  management  experience  in  both  small  and 
large  municipal  IT  departments.  Paul  Haugan  believes 
the  difference  between  the  two  relates  primarily  to  the 
amount  of  ted  tape  attached  to  a  given  tech  project. 

During  a  previous  role  at  the  city  of  Fresno,  Calif., 
where  Haugan,  54,  helped  oversee  an  IT  group  of 
75,  it  took  about  15  months  to  push  both  a  business 
intelligence  project  and  a  time  and  attendance  system 
through  the  proper  chatmels  to  get  funding.  In  his 
current  role  as  CTO  of  the  city  of  Lynnwood,  Wash., 
the  same  projects  took  around  three  months,  all  told. 

“In  a  big  operation  like  Fresno,  by  the  time  [you] 
go  through  tte  bureaucratic  administrative  steps  just 
to  get  a  project  done,  the  technology  is  obsolete,"  says 
Haugan,  who  is  now  responsible  for  about  10  people 
supporting  close  to  500  end  users  and  who  oversees  an 
IT  budget  of  between  $2  million  and  $2.9  million.  "I’m 
a  firm  believer  in  technology’s  opportunity  to  enact 
significant  change.  I’m  one  of  those  guys  who  can’t 
wait  for  the  bureaucratic  wheels  to  turn,  because  there 
is  too  much  value  being  lost.” 

Haugan  cites  projects  invdving  aging  phone  systems 


companies  with  fewer  than  too  employees  earn  about 
44%  less  than  the  average  compensation  for  those  posi¬ 
tions  across  organizations  of  all  sizes.) 

Beyrmd  that,  he’s  worried  that  he  may  not  be  fully 
devefopng  the  sophisticated  pditical  awareness  that’s 
required  to  make  things  hap^  in  a  larger  organization. 

Still,  Haugan  believes  the  skills  he  has  honed  could 
directly  translate  to  a  larger  organization.  “Evetythit^ 

1  have  learned  at  a  big  city,  I  have  used  in  the  small 
one.  Everything  I  learned  in  the  nonprofit  world,  1  have 
used  at  both  the  big  and  smaller  cities,"  he  points  out. 

“My  greatest  strengths  areln  relationship-building 
and  innovation.  These  are  skills  that  translate  across 
the  board,”  Haugan  says. 

Making  a  Difference,  Fulfilling  a  Mission 

As  aO  of  the  nonprofit  Make-AWisb  Foundation 
of  America,  Jim  Toy,  43,  finds  fulfillment  not  just  in 
helpih^his  organization  carry  out  its  mission  (to  grant 
the  wi|hes  of  children  with  life-threatening  medical 
conditjpns),  but  also  in  orchestrating  leatling-edge 
technology  deployments  with  an  eye  toward  maximiz- 
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supply  of  vendor-branded  pens,  but  also 


U  At  RSAJ  can  catch  up  with  past  bosses, 

colieagiies  and  other  security-minded  folks. 
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Getting  Validation  at  RSA 


MV  MCCCA  IS  llie  RSA  Con- 

Febniar>  in  San  Francisco. 

colleagues,  schoolmates  and  other  security- 
minded  folks.  We  catch  up  on  a  personal 
level  and  freeh  discuss  am'  and  all  security 
topics.  I  also  enjoy  having  all  the  vendors 
—  major  as  well  as  up-ancFcoming  — 
in  one  spot.  And  the  various  brealwHit 
sessions  and  kev  note  ulks  teach  nie 

something  new  or.  even  _ 

better,  val  idate  my  secu  rity  I 

program  and  priorities. 

RSA  can  be  over¬ 
whelming  if  you  don't  I 

plan  ahead.  Every  )x>ar. 

I  look  for  interesting  breakout  sessions 
and  list  the  vendors  I'd  like  to  meet  with. 
And  I  enter  the  conference  w  ith  a  focus 
on  several  pressing  issues. 

This  year,  the  first  issue  was  BYOD. 

My  CIO  wants  the  IT  department  to 
let  employees  use  their  own  devices  for 
business.  I’ve  had  misgivings  about  this 
from  the  beginning,  and  the  consensus 
that  emerged  from  several  sessions, 
meetings  w  ith  vendors  and  discu-ssions 
with  other  professionals  was  that  BYOD 


manv  problems  that  an  IT  department 

support,  compatibility  with  existing 
infrastructure,  the  danger  of  losing 
intellectual  property  and  the  difficulty  of 
securing  the  devices.  Technologies  like 
virtual  desktops  can  help  enable  BYOD, 
but  at  the  end  of  the  day,  most  of  us 
security  folks  are  shying  away  from  this 

A  related  issue  was  mobility.  Em¬ 
ployees  are  itching  to'  get  their  iPads. 

_  Androids  and  other 

tablet  devices  on  our 
networks.  Most  of  the 
security  people  I  talked 
to  agreed  with  me  that 
there  are  significant 
security  concerns,  but  in  this  case,  the 
overwhelming  feeling  was  that  enabling 
mobile  devices  is  a  problem  that  needs  to 
be  solved.  Face  it:  Employees  are  figuring 
out  risky  work-arounds,  such  as  syncing 
their  corporate  files  to  cloud  file-sharing 

code,  financial  spreadsheets,  custom¬ 
ers'  personally  identifiable  information, 
healthcare  data)  from  their  mobile  and 
other  noncorporate,  untrusted  resources. 
Belter  to  come  up  with  a  more  secure  ap¬ 


At  RSA,  I  can  catch  up  with  past  bosses, 
colleagues  and  other  security-minded  folks. 


proach  and  cut  off  these  riskier  tactics. 

Tlien  there’s  cloud  computing.  My 
company  is  deploying  single  sign-on  for 

of  course;  Y(>u  just  enter  ycmr  credentials 

access  to  dozens  of  corporate  and  person¬ 
al  applications.  At  RSA.  I  quickly  found 

convenience  is  fraught  with  peril.  Say  an 
employees  credentials  are  compromised 
by  a  keylogger  on  an  unirusled  kiosk;  his 
corporate  and  personal  life  is  compro¬ 
mised  as  well.  Two-factor  authentication 
would  help,  but  it’s  not  universal  yet,  and 
.some  vendors  have  a  sketchy  idea  of  what 
is  needed  in  two-factor  aulltentication. 
which  should  be  in  the  form  of  a  one-time 
password  containing  something  you  have 
and  something  you  know.  For  example, 
one  company  requires  a  username,  a 
password  and  a  single  security  question 
and  calls  that  two-factor.  Sorry,  but  no.  A 
ke)  logger  can  grab  all  of  that. 

Speaking  of  the  cloud,  I  talked  to  a  lot 
of  people  about  my  new  policy  of  locking 
down  Salesforce.com.  and  almost  all  of 
them  agreed  that  access  to  software-as- 

tive  corporate  data  should  be  restricted 

Another  thing  I  looked  into  was  secu¬ 
rity-awareness  training.  One  company 
that  piqued  my  interest  was  Green  Idea, 
which  has  created  some  entertaining. 

Now  I’m  back  in  the  office  with  a  fresh 
supply  of  vendor-branded  pens,  but  also 
a  lot  of  brochures  and  business  cards 
that  should  help  me  continue  to  raise  the 
security  bar  for  my  company.  ♦ 

riry  manager,  “Mathias  Thurman,”  whose 
name  and  emp/o)'er  have  been  disguised  for 
obviou.s  reasons.  Contact  him  at  mafhias_ 
thurman@>’a)K)0.com. 
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Price  is  a  big 
weakness 
when  every 
player  in  the 
virtualiza¬ 
tion  market 
is  offering  a 
free  option. 


-  OPINION 

ilVAUGHANNICHOLS 

DoesVMware 
Have  a  Real  Future? 


WE  ALL  KNOW  that  technologies  come  and  go.  Sometimes, 

technology  companies  do  the  same  thing.  I’ve  long  thought  that 
VMware’s  days  were  numbered,  and  not  because  there’s 
anything  wrong  with  its  technology. 


VMware  has  dominated  the  virtualization 
market  ever  since  that  market  came  into  being. 

It  has  done  so  the  old-fashioned  way:  by  offering 
good  software  and  support.  What  could  go  wrong? 
Well,  price  is  a  big  weakness  when  every  player  in 
the  market,  VMware  included,  is  either  offering  a 
free  virtualization  program  or  baking  one  into  their 
operating  systems.  It’s  hard  to  compete  with  free. 

Though  VMware  provides  its  low-end  offerings 
for  free,  it  can’t  stay  in  the  game  by  relying  on 
those  alone;  it  makes  its  money  exclusively  from 
selling  high-end  virtualization  and  virtualization 
management  software.  Utdike  its  competitors, 
VMware  doesn’t  have  much  of  a  revenue  stream 
from  operating  systems  and  other  products.  And 
when  it  attempted  to  overcome  that  weakness,  it 
was  blindsided.  More  on  that  in  a  bit. 

VMware’s  biggest  problem  is  one  that  has 
laid  other  companies  low:  Microsoft.  Slowly  but 
surely,  Microsoft’s  Hyper-V  has  been  making  gains 
against  VMware’s  ESX.  Gartner  ptO)ects  that  in 
2012,  Hyper-V  will  account  for  27%  of  the  market, 
up  from  11%  two  years  ago.  Within  that  projected 


and  Red  Hat,  have  banded  together  in  the  Open 
Virtualization  Alliance  to  promote  an  open-source 
virtualization  platform  —  Kernel-based  Virtual 
Machine  (KVM)  —  as  an  alternative  to  VMware. 

KVM  has  been  maturing.  Red  Hat’s  third 
version  of  its  KVM-based  Red  Hat  Enterprise 
Virtualization  program  is  greatly  improved.  Some 
experts,  like  IDC  analyst  Gary  Chen,  think  it  has 
what  it  takes  to  compete.  And,  of  course.  Red  Hat 
is  the  Microsoft  of  the  Linux  market. 

VMware  has  acted  as  if  it,  trw,  can  see  what’s 
comity  It  wisely  tried  to  get  into  the  operating 
system  game  by  buying  Novell  and  its  SUSE  Linux 
distribution,  but  at  the  last  minute,  rlark  horse 
Attachmate  swooped  in  and  snapped  up  Novell. 
How  could  sleepy  little  Attachmate  pull  this  deal 
off?  With  a  lot  of  help  from  Mictrjsoft,  that’s  how. 
To  my  mind,  that  incident  suggests  that  Microsoft 
still  knows  how  to  play  hardball.  Or  maybe  the 
erative  metaphor  is  chess;  Microsoft  was  lookir 
several  moves  ahead.  It  didn’t  want  VMware  to 
able  to  combine  its  strong  virtualization  portfolio 
with  a  strong  business  Linux  server. 
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HE  TABLET  PHENOMENON  is  bigger  than  you  probably  realize. 
Before  the  “new  iPad”  debuted,  Apple  announced  that  it  had  sold 
55  million  of  its  tablets  to  date.  Apple  CEO  Tim  Cook  helped  put 
that  figure  in  perspective  at  a  conference  in  February:  “It  took  us 


22  years  to  sell  55  million  Macs,"  he  reportedly 
said.  "It  tcK*  us  about  6ve  years  to  sell  22  million 
iPods,  and  it  took  us  about  three  years  to  sell 
that  many  iPhones.”  The  fact  that  the  iPad  sold 
55  million  units  in  less  than  two  years  tells  us 
something:  TaUets  are  a  runaway  success. 

Indeed,  IDC  in  February  fwecast  rapid  growth 
in  sales  of  Android  tablets  as  well  as  continued 
sales  growth  for  iPads.  The  market  research  firm 
forecasts  that  just  under  90  million  tablets  will 
be  sold  worldwide  this  year.  In  20C5,  according 
to  IDC,  tablet  sales  will  come  within  striking  dis¬ 
tance  of  140  million,  with  Apples  iOS  capturing 
51%  of  sales  and  Android  grabbing  47%. 

Do  those  numbers  make  you  think  PCs  are 
dead?  Actually,  sales  of  PCs  ate  growing  modestly. 
According  to  a  Match  2012  Gartner  report,  global 
PC  shipments  ate  expected  to  hit  368  million 
units  this  year,  for  a  4.4%  increase  over  last  year. 
Gartner  also  expects  the  PC  market  to  be  stronger 
in  2013,  with  sales  projected  to  teach  400  million 
units.  Desktop  and  notebook  PCs  aren’t  even  dose 
to  being  dead  yet. 

One  reason  is  that  tablets  don't  perform  all 
PC  functkxis  well.  Anyone  who  uses  a  notebook 
PC  several  hours  a  day  to  read  email,  surf  the 
Web,  edit  documents,  spreadsheets  and  presenta¬ 
tions,  and  work  with  enterprise  apps  —  and  that 
describes  a  lot  of  people  —  makes  heavy  use  of  a 
keyboard.  Most  tablets  provide  virtual  keyboards, 
whkh  are  only  barely  adequate  for  long-duration 
touch-typing.  Tablets  were  not  designed  for  typing. 
I  contend  that  until  tablets  offer  lightweight  and 
compact  add-on  keyboarrls,  business  tablet  users 


will  for  the  most  part  need  notebook  or  desktop 

I  had  intended  to  fixais  a  bit  more  on  Apple’s 
“new  iPad,”  which  was  arriving  on  US.  shores  as 
I  began  to  write  this  column.  But  truthfully.  I’m 
somewhat  ambivalent  about  the  third-generation 
iPad.  The  high-resolution  display  is  a  cleat  im¬ 
provement.  But  when  all  is  said  and  done,  what 
this  new  iPad  will  likely  be  remembered  for  is  that 
it  sold  in  even  greater  numbers  than  the  iPad  2  did. 

I  think  broader  market  dynamics  ace  a  more 
compelling  story.  The  dramatic  uptake  on  tablets, 
for  both  consumer  and  business  use,  is  a  clear 
indicator  that,  while  the  PC  isn’t  dead,  its  days  ace 
numbered.  Evidently  there’s  pent-up  demand  for 
a  device  that  is  grab-and-go  portable  and  that  can 
be  used  just  about  anywhere,  conveniently.  And 
that  need  dovetails  nicely  with  the  proliforation  of 
location-based  app  services. 

If  you  think  of  them  as  take-anywhere  versions 
ol  notebook  PCs,  tablets  ate  merely  the  trext  rung 
on  the  30-year  evrdutionary  ladtler  that  has  in¬ 
cluded  tower  desktop  machines;  luggable,  sewing- 
machine-size  “portaWes”:  and  7-lb.  notebook  PCs. 
The  PC  has  been  getting  smaller  since  its  incep¬ 
tion,  and  the  tablet  is  the  next  iteration. 

What  am  I  driving  at?  1  think  tablets  are 
growing  at  such  a  prodigious  rate  that  they  can’t 
help  but  have  a  greater-than-the-sum-of-its-parts 
eff^  on  computing;  IDC’s  prediction  that  tablet 
sales  will  hit  nearly  140  million  units  in  2015 
strikes  me  as  conservative.  PC  makers  have  no 
interest  in  seeing  the  PC  die  off.  But  the  market  is 
speaking  loudly  and  clearly,  e 
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